Coronavirus Is Falling Asleep, Cybercriminals Are Not
After weeks during which news was dominated by information about rising statistics and new coronavirus cases increase, the world can finally take a breath. Instead of crisis management, it is time to analyze the event and start taking steps to be better prepared in the future. And I am not talking only about studying the virus itself, developing the vaccine or restocking face masks. Unfortunately, the pandemic has showed that there are many people and organizations who do not hesitate to misuse the situation to their personal advantage or simply because they want to do harm. For these, it is necessary to be thoroughly prepared.
Since March, at least five hospitals have happened to be a target of a cyber-attack. While the hospital in Benešov was completely paralyzed by the attack, The University Hospital Brno, fortunately, stepped in in time and was able to prevent a more serious damage. Attacks in other three medical facilities were prevented. Why hospitals? And why at a time when they're under huge pressure due to the pandemic? According to information released by security services, financial profit was not the only hackers` goal. Rather than that, they sought to escalate the complicated situation in which the critical infrastructure found itself during the pandemic. And because cybercriminals prefer to attack the weakest and most vulnerable targets, this time they have chosen hospitals.
That is why post-crisis planning should definitely include plans to better secure institutions that are essential and irreplaceable in times of crisis. I am afraid that the attacks will not stop with the end of the pandemic - cybercriminals are just waiting for new topics to start causing trouble and uncertainty again. Topic that will bring them enough profit.
It is reasonable to expect that the state will now rather look for places to save money than make large investments. However, saving money on IT security could be the biggest mistake. Attacks on hospitals should serve as a wake-up call for government officials; however, at a time when topics like rescuing an airline or insufficient support for affected businesses are being addressed, cybersecurity may not be the top priority.
Companies have found themselves in a similar situation. Unfortunately, many of them are dealing with existential issues due to the pandemic. Despite these, for many of the companies, this can be an impulse for further digitalization or transferring a part of their business to the online world. The last crisis in 2008 showed that companies investing in technology and security significantly benefited from this in the following years.
The need for good security is already evident today with a large part of employees working from home. Thanks to the home office, many companies were able to continue working even during the pandemic but at the same time many were exposed to security risks which they were not prepared for. One of the biggest risks turned out to be employees themselves. Their home networks are not secured enough compared to the company ones, and for hackers it is much easier to break into them. When working from home, employees are also less cautious - they use insecure channels to share company data and the number of intentional data leaks is increasing.
The coronavirus crisis has showed (too harshly, I would say) what a precious help the online environment and modern technologies can be to maintain economic performance. However, it has also showed the risks associated with this transition to the online space.
This article was also published on Aktuálně.cz